Thursday, December 11, 2014

QUICKFIX - New version 0.83 to correct bug

MEGA is doing some changes in their SSL certificates. It seems that they are quitting SSL3 because of the POODLE bugs, so it causes problems with MegaDownloader 0.82

I am releasing version 0.83 in order to correct it.

If you want to try it, please download it here. If nobody reports connection problems, I will put it in the download page.

Thanks for your patience.

Monday, April 8, 2013

Integrating ELC into your community


This article will explain how you can integrate the ELC system into your community - using MegaDownloader 0.8
For an overall view of the ELC system, please refer to the article: "Understanding mega:// links", section "ELC links".
Required knowledge: This article presupposes you have some knowledge about cryptography, hashing, BD, and HTTP protocol.

Server validation

ELC requires a server to perform two actions:
- Validate users, so only users of your community will be able to download the files.
- Encode or decode the internal password that will allow users to download the files.

Two pages are required:
- One page to show the users of your community HOW to configure their MegaDownloader/MegaUploader ELC account.
- One page to validate the data and perform the password encode/decode.

User validation

Each user will have two unique codes that will let them identify into your system. You have to provide them to your users using the first page.
The first code is the "Username", a public code that will identify which user wants to download the files.
The second code is the "API-Key", a private code that will validate the user as a valid member of your community.
Apart of that, you should also display to the user the URL of the second page (the one that validates the data).

This API-Key should NOT be the user's password. Using the user's password represents a security issue, because if you don't use SSL, the data will travel unencrypted.
The API-Key should be a code that validates the user for the ELC usage, and nothing else. If a third person gets the user's API-Key, he shouldn't be able to modify the user's account, or anything like that. An API-Key should also be regenerated when the user changes his password.

A good API-Key would be, for example, the hash generated from concatenating  the username and the hashed password stored in your system - normally you store a hash, not the plain password of the user. If the user changes his password, the API-Key will be changed, because the hashed password has been changed.
If you also add a random salt when generating the hash, then security is increased.
Normally communities use a CMS or forum, with their own tables where user data is stored.

For example, if your community DB has a table called "user", with two columns "username" and "password", you could do something like:
1) Get the value of the username and his (hashed) password.
2) Concatenate a random salt string to the username and the (hashed) password (optional but recommended).
3) Generate a hash (preferably a SHA256 or SHA512, it's longer but also more secure than MD5).

This final hash could be the API-Key.

Data process

So, in your first page, the one that displays the user's data to configure his ELC account, you should generate and display the API-Key. The page should also display the Username and the URL of the second page.

The second page will be used internally by MegaDownloader. You can find here a PHP example of this page.
Of course, if your system doesn't use PHP but another language (Java, .NET, etc) you should adapt the example to that language.
This page will receive HTTP POST petitions, so this page should not allow GET petitions - if a user puts this URL in his browser, an error should be displayed because this page is designed to be accesed with a POST petition.

MegaDownloader and MegaUploader will send 4 POST parameters when generating an ELC or when reading an ELC:

- Parameter "USER": Will contain the user's code.
- Parameter "APIKEY": Will contain the user's API-Key.
- Parameter "OPERATION_TYPE": Two possible values: E or C.
- Parameter "DATA": a string containing the data to process.

The first two parameters are used for validating the user; the other two parameters are used for processing the data.

The page will return, in all cases, a JSON response.

If there is an error (invalid user access, invalid data, etc), the page will return this structure:

{"e": "'ERROR DESCRIPTION", "d": ""}

If there is no error, the page will return this structure:

{"e": "", "d": "PROCESSED DATA"}

As you can see, only two parameters are returned: e (error) and d (data). One must be empty and the other filled.

The page will perform two different actions:

- First, it will validate the user by using the data contained in the "USER" and "APIKEY" parameters. If the user is not validated, then an error will be returned and the page won't continue with the second action.

- Once the user has been validated, then the page will process the data (by using the other two parameters "OPERATION_TYPE" and "DATA".

"OPERATION_TYPE" parameter will contain E or C (any other value will cause an error to be returned). E means Encrypt, and D means Decrypt. So basically, you will take the data contained in the "DATA" parameter, and will encrypt it or decrypt it depending on the value of "OPERATION_TYPE".
It's very important to emphasise that the input data of the E operation must be equal to the output data of the D operation, when the E output and the D input is the same. The encryption process must be simmetric!!

The way to implement the encryption/decryption process is up to you. But if you just want "something that works", then you can use the example provided previously.

The example page doesn't contain a "good" implementation of the first action: it just compares the USER and APIKEY values with a constant text. This is because depending on how your community works, you can make one implementation or another; the general idea of how it should work was provided in the previous paragraphs.

However, the second action is fully implemented. In the example, an AES cipher is performed to the data provided. You can use this example "as is", just changing the password at the beginning of the code.
If you prefer, you can implement the proces on another way. You can store the input data in your DB, and return the numeric ID of the inserted row. The decrypt process will receive the numeric ID, and you will retrieve the original information. It's perfectly valid - just take into account that this requires DB access, most resource consuming than performing an AES "on the fly".

How can you test this page?
The simplest way is by using Firefox  + an extension called "POSTER". You can also create a basic HTML form that POST the data to that URL, and open it with a browser. It's up to you.

Easy ELC configuration - Just click!

For users with little knowledge about computers, configuring the ELC can be confusing/difficult. For that reason, a "click once configuration" method has been created.

The idea is that the user click on a link, and MegaDownloader automatically configures the ELC account for the first time. That's all! The user has to do nothing else :D

In the page where you show the ELC information to the user, you should implement a mega:// link to do that. This mega:// link should be like this (copying the link also works if MegaDownloader is configured to detect links from clipboard):

As you can see, it's a mega:// link with the "configelc?" code. After that, there should be 4 parameters, each one separated with a ":" character:
- Parameter 1: The ELC URL of your site, URI encoded (you can do it with Javascript using encodeURIComponent). In this example, the URL is "" (note you can use & or ? if you need it)
- Parameter 2: The user name of the user, URI encoded. In this example "User name" (note it supports spaces and other strange characters).
- Parameter 3: The API-Key of the user, URI encoded. In this example "Api key" (note it supports spaces and other strange characters).
- Parameter 4: This is an optional parameter, you can specify the Alias of the ELC account, URI encoded - in this example "Account alias".

When the user clicks on the link, MegaDownloader will ask the user if he wants to create/update the ELC account. If he says "Yes", then the ELC account configuration will be imported - and he has to enter no data at all!


For users, adding an ELC account should be easy - just clicking on a link.
For developers, creating the ELC pages should be also easy - the ciphering method is provided in the example, and only an user validation system has to be implemented.

Using ELC is a solid and robust system to protect your MEGA links so they can't be reported, and people outside your community can't download them.

Sunday, March 31, 2013

Understanding mega:// links


From version 0.6, MegaDownloader supports mega:// links.
When you click on a mega:// link, MegaDownloader automatically opens and captures the link, so you can download them easily.
In this article, mega:// links will be explained and classified.

Mega links types

There are three basic types of Mega links:

Plain links.

These links contains the ID and the Key, similar to a normal mega link. For example, consider this link:!OFEQ0Y4Z!0123456789wVrs6n7Jyx8-9876543210nkI8MA5Gf4g

The mega:// equivalent link would be:

You can generate your own plain mega:// links just replacing "" by "mega://".

Encoded links.

This links contain the ID and the Key encoded, and the URI has the form "mega://enc?xxx".
These links are generated by both MegaDownloader and MegaUploader, by going to "Options"/"Encode URLs", or by using the right click option "See links" and selecting the "Encode URLs" option.

You can share the encoded links, and MegaDownloader will grab them when you click on them or when you copy them (if you have activated the "Capture links from Clipboard" option).

What's the target of the encoded links? It was designed with the idea of offering a basic link protection, so the user can download the file but can't know the original link.

Please take into account that the level of security offered is not very high. Links are encoded using an AES password, but a high skilled user/hacker can retrieve it and get the original link. However most of the people will not be able to do it: At this moment it is even easier to decrypt a DLC than these encoded links ;)

ELC links.

ELC is the acronym of "Encoded Link Container".

This format, that will be released with MegaDownloader 0.8 and MegaUploader 0.7, is under development, but will offer two features:
  1. Link protection: Users won't be able to know the original link.
  2. Copy protection: Only authorized users will be able to access the file.

This is achieved by using a server to validate the user that tries to download the file. The idea is that each community (forum, etc) have a page to validate users.
When you create an ELC link, you have to select the community (previously configuerd) that will be have access to the links.
Once generated, only users with a valid account in that community will be able to download the files. In this way, even if someone pastes the Mega links outside the community, nobody without a valid account in that community will be able to download the files.

Interally files will be encoded using a random AES password, that will be recodified by the server. So without a valid account, nobody would be able to retrieve the original links, so security is guaranteed. The idea behind ELC is similar to the DLC, with the difference that DLC is public so anyone can download the links inside a DLC; ELC links will be private so only members of a community will be able to download the links.

ELC links can be found as a file (*.elc extension), or as a mega:// link, with the form "mega://elc?xxx".

For using the ELC, each community has to implement two webpages: (1) one for the user, so he can see the URL, user and API-Key he has to enter into MegaDownloader's configuration, and (2) another to validate the users and encode/decode the data.

Do you want to test ELC by yourself?
Well, first you have to download the test version of MegaDownloader 0.8. Then, you have to go to "Configuration", "ELC accounts", and create a new account with this data:
  1. Alias: Put anything you want, it's just an identificative name.
  2. URL: Put the community's URL for the ELC. For this test, use a demo URL "".
  3. User: Put "test".
  4. API-Key: Put "test".

Now you will have configured a "demo" ELC account, so you can download all ELC links generated for this community.

Do you want to try an example? Click on this link, and two files will be added - if you ELC account is correctly configured!

A detailed article will explain it in depth, but meanwhile you can take a look at the source code of the demo page, available here. The encode/decode process is fully implemented (just change the password) but you will have to implement the user's validation.
Two fields will be sent on each petition: user and API-Key. The API-Key should be a code that identifies the user and only he should know it. For security, it should not be the user's password, but something like the hash of the nick + the hashed password stored in your DB, and should be shown on the first page we have commented (where the user sees the URL, user and API-Key, so he can configure MegaDownloader).

MegaDownloader and MegaUploader supports 3 types of mega:// links, with different levels of security, in order to use comfortably MegaDownloader and protect your Mega links :)

Link typeLink protectionCopy protection
Plain linksNoneNone
Encoded linksMediumNone
ELC linksHighHigh

Thursday, February 28, 2013

Watch videos online - streaming tutorial for MEGA.CO.NZ

Quick reference

Some users asked for a shorter version of the text. Here it is!
  1. Download MegaDownloader.
  2. Download VLC Player.
  3. Configure MegaDownlaoder: Go to "Options", "Configuration", "Streaming", check the option "Use streaming server", check the VLC path is correct. You can also check the option "Capture links from clipboard" from the configuration tab "General".
  4. Copy a MEGA link of a video file (avi, flv, mkv, mp4, etc). 
  5. A screen will appear, select "Watch online".
  6. Enjoy!
If you want to read the complete text, here it is!


Do you remember MegaVideo? It was great for watching videos online. And surely you have though: "if only Mega could stream videos...". Of course, videos without copyright :)
Well, there are good news: It is possible to watch online videos by streaming, hosted in MEGA.CO.NZ - using MegaDownloader!!


Remember MEGA has the files encrypted. MEGA is unable to know the content, and is unable to stream videos. 
But... if you know the key to decrypt the file... you could download it, decrypt the video "on the fly", and stream it to someone, couldn't you?
Basically, MegaDownloader downloads, decrypts and streams the video "on the fly" to any destination, using an integrated web-server. 
It's up to you to play the movie, using VLC for example, or any other player that accepts streaming: MegaDownloader gives you a "streaming URL" and you play it wherever you want.

What do I need?

First at all you need MegaDownloader, version 0.5 or newer. You can download it from here: 
Download MegaDownloader.

You also need a player. MegaDownloader is integrated with VLC, and works great: 
Download VLC.

Finally, you need the MEGA URL, with the key!

What if I don't use Windows?

VLC is available in many platforms. 
MegaDownloader works in Windows (and Mac using Parallels). However MegaDownloader acts as a "stream server". 
So you only need a Windows PC (or Mac) for running MegaDownloader, and then use the provided URL to stream the content to any device capable of playing stream videos, using a local network.

How to configure MegaDownloader

You only need to activate the streaming server. 
This is done by going to the configuration screen, and select the tab "Streaming". Check the option "Use streaming server", and check the VLC installation path is correct. Save the configuration. That's all!

That's great... but tell me how to watch videos online!!

Once you have installed and configured MegaDownloader and VLC, just copy into the clipboard a valid MEGA URL (note: the video can't be compressed in a zip or rar). 
If MegaDownloader has the option "Copy from the clipboard" activated, an "Add links" screen will appear, with the selected URL  (if not, open it manually).  

Now you will have two options: add the file to the download queue... or watch it online. Select that option. 
VLC will automatically start. 
After a while (the file download needs to start, and then the player buffer has to be filled) you will be able to watch the video. Please be patient while the video loads.

If you need to play it on other player or remote device, go to the "Streaming" menu, and select the first option "Watch online".
A screen will appear. Paste the link in the first textbox "MEGA URL link" and a new link will appear in the textbox "Streaming URL link". You can use that link into your favourite player :D

Oh, the URL is long... well, in that case it is possible to shorten it, if you need it.

Add the link into your Streaming Library, and the streaming URL will be shorter, with a numeric id. 
In order to add a MEGA URL to the library, go to the "Streaming" menu and select the option "Manage Library". A webpage will appear, and you will be able to add new elements to the library, providing a name, description, image link, etc. 
Once added, go to "Streaming" / "See Library" and you will be able to select easily the desired video... with a shorter link! 
If you play it on a remote device, remember to change the "localhost" path to your local network IP (for both accessing the Library Manager and the Streaming URL).

You can go to the Streaming library at any moment, just remember that MegaDownloader has to be running :)

What formats does it support?

MegaDownloader streams the video, without any type of conversion. So any file that VLC (or your chosen player) can play will be accepted for streaming: AVI, FLV, MKV, etc. Of course you need enough bandwidth for streaming the video. If you have a 128kbps Internet connection don't expect to stream a 20GB MKV file ;)
For streaming large video files, you may also have to configure the player for watching it smoothly (buffer size, etc).


The streaming is a brand new feature in MegaDownloader. 
It's pretty easy to configure it and use it. 
You only need MegaDownloader for streaming, and a player (like VLC) to play the video.
MegaDownloader also has a built-in library, so you can store and play the videos comfortably. In a future article I will explain more details about the built-in library.

Ver videos online - Tutorial de streaming de MEGA


Varios usuarios me han pedido que ponga un resumen esquematizado, ya que el texto es un poco largo. ¡Aquí está!
  1. Descargar MegaDownloader.
  2. Descargar VLC.
  3. Configurar MegaDownlaoder: Ir a "Opciones", "Configuración", "Streaming", marcar "Usar servidor de Streaming", verificar que la ruta del VLC es correcta. También se puede marcar la opción "Capturar links del portapapeles" en la pestaña "General" de la "Configuración".
  4. Copiar un link de MEGA que contenta un video (avi, flv, mkv, mp4, etc). 
  5. Saldrá una ventana con un botón "Ver Online". Hacer click en ese botón.
  6. ¡A disfrutar!
Os dejo el texto completo por si quereis leerlo ;) 



Seguramente somos muchos los que recordamos MegaVideo, y hemos pensado "si MEGA pudiera ofrecer streaming..." - de videos sin copyright, por supuesto :)
Bueno, hay buenas noticias: es posible ver videos online hospedados en MEGA.CO.NZ por streaming... con MegaDownloader!


MEGA guarda los ficheros cifrados, y no tiene posibilidad de conocer su contenido. Por esa razón no puede ofrecer videos en streaming.
Pero... si sabes la clave para descifrar el fichero, se podría descargar, descifrar "al vuelo" y ofrecerlo en streaming, ¿verdad?

Esa es la idea que sigue MegaDownloader. 
MegaDownloader descarga, descifra y ofrece en streaming videos "al vuelo" con un pequeño servidor integrado.

No es un reproductor, solo permite ofrecer streaming, así que hay que usar otra aplicación (por ejemplo VLC) para reproducir el video, o usar un reproductor multimedia remoto que acepte streaming.
MegaDownloader ofrece una "URL de streaming", y lo reproduces con lo que quieras!

¿Que necesito?

En primer lugar necesitas descargar la versión 0.5 o posterior de MegaDownloader:  
Descargar MegaDownloader.

También necesitas un reproductor. MegaDownloader se integra muy bien con VLC, por lo que se recomienda usar este reproductor:  
Descargar VLC.
Por último, necesitas un link válido de MEGA, con su clave. El fichero no debe estar partido o comprimido en rar o zip.

¿Y si no uso Windows?

VLC se puede descargar en varias plataformas.

MegaDownloader funciona en Windows, y también en Mac usando Parallels. 

Sin embargo, MegaDownloader hace de "servidor de streaming", por lo que solo necesitas un PC con Windows (o MAC) para ejecutar MegaDownloader, y luego usar la "URL de streaming" que genera para reproducir el vídeo en cualquier dispositivo conectado a la red local que admita streaming.

Como configurar MegaDownloader

Tan solo es necesario activar el servidor de streaming.
Has de abrir la pantalla de configuración, elegir la pestaña "Streaming", clickar la opción "Usar servidor de streaming", y comprobar que la ruta de instalación del VLC es correcta. Guardas la configuración, y listo!

¿Como empezar a ver videos por streaming?

Una vez estén instalados y configurados MegaDownloader y VLC, tan solo has de copiar un link válido a un video de Mega.

Si MegaDownloader tiene la opción "Copiar del portapapeles" activada, aparecerá una pantalla "Agregar enlaces" con la URL seleccionada. En caso contrario, deberás abrir manualmente la pantalla.
Aparecerán dos opciones: agregar el fichero a la cola de descargas, o ver el video online. Selecciona esta segunda opción, y el VLC se iniciará automáticamente.

Tan solo debes esperar un momento (el fichero debe empezar a bajar y el buffer se debe rellenar) y comenzará la reproducción del vídeo  Por favor ten paciencia mientras el vídeo carga.
Si necesitas reproducirlo en otro reproductor remoto, ve al menú "Streaming" y elige la primera opción "Ver online".

Aparecerá una ventana con un cuadro de texto "Enlace de MEGA". Pega el enlace de MEGA allí, y en el segundo cuadro "Enlace de streaming" se generará un enlace que podrás usar en tu reproductor favorito :D
Si el enlace es muy largo, tienes la posibilidad de acortarlo. Para ello, debes agregar en enlace a la Biblioteca, y te generará un enlace con un id numérico más fácil de recordar.

Para agregar un enlace de MEGA a la Biblioteca, ve al menú "Streaming" y elige la opción "Editar biblioteca". Se abrirá una página en la que podrás añadir nuevos elementos a la Biblioteca, incluyendo nombre, descripción, link de una imagen, etc.

Una vez agregado, ve de nuevo al menú "Streaming" y elige la opción "Ver biblioteca". En esta pantalla podrás elegir fácilmente cualquier video que tengas en la Biblioteca, con un link más corto.
Ten en cuenta que si usas un reproductor remoto, deberás cambiar la URL. Por defecto es "localhost", lo que significa que se reproduce en el mismo ordenador que se ejecuta MegaDownloader. Si accedes desde otro dispositivo a través de una red local, deberás poner la IP para acceder tanto a la URL de streaming como a la biblioteca.
Puedes acceder a la Biblioteca en cualquier momento, tan solo recuerda que MegaDownloader debe estar funcionando :)

¿Que formatos puedo reproducir por streaming?

MegaDownloader hace de servidor de streaming y no realiza ninguna conversión. Así que reproducirá todo lo que reproduzca el reproductor (VLC o el que elijas). Por supuesto necesitarás suficiente ancho de banda: con una conexión de 128kbps no esperes ver un MKV de 20GB ;)
Es posible que además tengas que configurar el reproductor (tamaño de buffer, etc) para ver los videos de forma fluida, especialmente con vídeos grandes.


MegaDownloader incorpora la posibilidad de hacer streaming de cualquier video alojado en MegaDownloader.
Configurarlo y hacerlo funcionar es muy sencillo. Tan solo necesitas MegaDownloader y un reproductor (como VLC).
MegaDownloader incorpora una Biblioteca integrada, para guardar, importar y exportar los videos de forma fácil y sencilla.
En un artículo futuro se explicará con más detalles la Biblioteca integrada.

Wednesday, February 27, 2013

Contribute [English]

MegaDownloader is completely free and has no ads.

If you are satisfied with MegaDownloader and want to help MegaDownloader improve or motivate the development of other quality programs, any amount of donation small or large will be welcome and gratefully appreciated.

Thanks! :)

You cand also send me some Litecoins, if you prefer!

LTC Wallet: LXDHPf3TH582fsDdkynP1iMBRjdN5LisqF

Colabora [Castellano]

MegaDownloader es una aplicación totalmente gratuita, sin publicidad.

Si te ha sido útil, y quieres colaborar en el desarrollo para mejorar MegaDownloader, o para el desarrollo de nuevas aplicaciones, cualquier donación, grande o pequeña, será bienvenida :)

¡Muchas gracias!

Si lo prefieres, también puedes enviarme algunos Litecoins! ;)

Cartera LTC: LXDHPf3TH582fsDdkynP1iMBRjdN5LisqF